Smart Card Personnalization with Local Generation of Keys

1. A method for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the method comprising: receiving, at the smart card, a first message from an application server connected to the first telecommunication network and a second telecommunication network, the first message comprising a personalization command and an admin code, the admin code being a unique code for accessing or modifying the smart card; interpreting, at the smart card, the personalization command to establish a secure session with a personalization server of the second telecommunication network via the application server if the admin code is valid; negotiating, at the smart card, with the personalization server to agree on a second authentication key by exchanging messages based on a Diffie-Hellman protocol, wherein the messages contain values derived from random secrets, the second authentication key being computed in the smart card and in the personalization server based on a function that takes as input at least the random secrets; receiving, at the smart card, a second message that contains a second international identity from the personalization server; and replacing, at the smart card, the first international identity and the first authentication key with the second international identity and the second authentication key.

2. The method according to claim 1 , wherein the negotiation between the smart card and the personalization server comprises: sending, at the smart card, a third message that contains a first value derived from a first random secret to the personalization server; and receiving, at the smart card, a fourth message that contains a second value derived from a second random secret from the personalization server, and computing the second authentication key as a function of a third value derived from the second value and the first random secret.

3. The method according to claim 1 , wherein a request of subscription change is sent to the application server by the communication device or by an entity of the second telecommunication network after user agreement.

4. The method according to claim 3 , wherein the request of subscription change comprises an identifier of the smart card and an identifier of the second telecommunication network.

5. The method according to claim 1 , wherein an application in the smart card checks if the admin code received in the first message is compatible with an admin code initially stored in the smart card to determine if the admin code is valid.

6. The method according to claim 1 , wherein the messages are encrypted short messages.

7. The method according to claim 1 , wherein the messages are decomposed in many messages.

8. The method according to claim 1 , wherein the messages contain data packets sent to the smart card through a service node and a gateway node of the second telecommunication network via the secured session.

9. The method according to claim 1 , wherein the communication device comprises a mobile phone, a Personal Digital Assistant (PDA), a smart phone, or an automatic counter of water, gas, or electricity belonging to a company in the energy sector.

10. The method according to claim 1 , wherein the secure session is based on Internet Protocol security (IPsec).

11. The method according to claim 1 , wherein the personalization server comprises a processing unit dedicated to computing authentication keys.

12. The method according to claim 1 , wherein the first message comprises the personalization command, the admin code and an identifier of the personalization server.

13. A smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the smart card being adapted to: receive a first message from an application server connected to the first telecommunication network and a second telecommunication network, the first message comprising a personalization command and an admin code, the admin code being a unique code for accessing or modifying the smart card; interpret the personalization command to establish a secure session with a personalization server of the second telecommunication network via the application server if the admin code is valid; negotiate with the personalization server to agree on a second authentication key by exchanging messages based on a Diffie-Hellman protocol, wherein the messages contain values derived from random secrets, the second authentication key being computed in the smart card and in the personalization server based on a function that takes as input at least the random secrets; receive a second message that contains a second international identity from the personalization server; and replace the first international identity and the first authentication key with the second international identity and the second authentication key.

14. An application server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the application server being connected to the first telecommunication network and a second telecommunication network, the application server being adapted to: receive a request of subscription change comprising an identifier of the second telecommunication network and an identifier of the smart card; establish a secured session with a personalization server of the second telecommunication network identified by the identifier of the second telecommunication network; and send a first message comprising a personalization command and an admin code in order that the smart card interprets the personalization command to establish a secure session with the personalization server via the application server if the admin code is valid, the admin code being a unique code for accessing or modifying the smart card; negotiates with the personalization server to agree on a second authentication key by exchanging messages based on a Diffie-Hellman protocol, wherein the messages contain values derived from random secrets, the second authentication key being computed in the smart card and in the personalization server based on a function that takes as input at least the random secrets; receives a second message that contains a second international identity from the personalization server; and replaces the first international identity and the first authentication key with the second international identity and the second authentication key.

15. A personalization server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the personalization server being connected to a second telecommunication network, the personalization server being adapted to: establish a secure session with the smart card via an application server connected to the first and second telecommunication networks if an admin code received in a first message sent from the application server to the smart card is valid, the admin code being a unique code for accessing or modifying the smart card; negotiate with the smart card to agree on a second authentication key by exchanging messages based on a Diffie-Hellman protocol, wherein the messages contain values derived from random secrets, the second authentication key being computed in the smart card and in the personalization server based on a function that takes as input at least the random secrets; and send a second message that contains a second international identity to the smart card that is able to replace the first international identity and the first authentication key with the second international identity and the second authentication key.

16. A non-transitory computer readable storage information medium readable by a data processing device having computer readable instructions encoded therein, said computer readable instructions adapted to be executed in an application server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the application server being connected to the first telecommunication network and the second telecommunication network, said computer readable instructions adapted to be executed to implement a method, comprising: receiving a request of subscription change comprising an identifier of the second telecommunication network and an identifier of the smart card; establishing a secured session with a personalization server of the second telecommunication network identified by the identifier of the second telecommunication network; and sending a first message comprising a personalization command and an admin code in order that the smart card interprets the personalization command to establish a secure session with the personalization server via the application server if the admin code is valid, the admin code being a unique code for accessing or modifying the smart card; negotiates with the personalization server to agree on a second authentication key by exchanging messages based on a Diffie-Hellman protocol, wherein the messages contain values derived from random secrets, the second authentication key being computed in the smart card and in the personalization server based on a function that takes as input at least the random secrets; receives a second message that contains a second international identity from the personalization server; and replaces the first international identity and the first authentication key with the second international identity and the second authentication key.

17. A non-transitory computer readable storage information medium readable by a data processing device adapted to be executed in a personalization server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the personalization server being connected to the second telecommunication network, said computer readable instructions adapted to be executed to implement a method, comprising: establishing a secure session with the smart card via an application server connected to the first and second telecommunication networks if an admin code received in a first message sent from the application server to the smart card is valid, the admin code being a unique code for accessing or modifying the smart card; negotiating with the smart card to agree on a second authentication key by exchanging messages based on a Diffie-Hellman protocol, wherein the messages contain values derived from random secrets, the second authentication key being computed in the smart card and in the personalization server based on a function that takes as input at least the random secrets; and sending a second message that contains a second international identity to the smart card that is able to replace the first international identity and the first authentication key with the second international identity and the second authentication key.